News for package chromium-browser

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: chromium-browser
Binary: chromium, chromium-l10n, chromium-shell, chromium-widevine, chromium-driver, chromedriver
Architecture: i386 amd64 arm64 armhf all
Version: 70.0.3538.67-1~deb9u1
Maintainer: Debian Chromium Maintainers <pkg-chromium-maint@lists.alioth.debian.org>
Uploaders:  Michael Gilbert <mgilbert@debian.org>, Riku Voipio <riku.voipio@linaro.org>
Homepage: http://www.chromium.org/Home
Standards-Version: 3.9.8
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-chromium/pkg-chromium.git
Vcs-Git: git://anonscm.debian.org/pkg-chromium/pkg-chromium.git
Build-Depends: debhelper (>= 9), python3, pkg-config, ninja-build, python-jinja2, ca-certificates, wget, flex, yasm, xvfb, wdiff, gperf, bison, valgrind, xz-utils, x11-apps, xfonts-base, libglewmx-dev, libgl1-mesa-dev, libglu1-mesa-dev, libegl1-mesa-dev, libgles2-mesa-dev, mesa-common-dev, libxt-dev, libre2-dev, libgbm-dev, libpng-dev, libxss-dev, libelf-dev, libvpx-dev, libpci-dev, libcap-dev, libdrm-dev, libicu-dev, libffi-dev, libkrb5-dev, libexif-dev, libflac-dev, libudev-dev, libopus-dev, libwebp-dev, libxtst-dev, libsrtp-dev, libjpeg-dev, libxml2-dev, libgtk-3-dev, libgtk2.0-dev, libxslt1-dev, libpulse-dev, libpam0g-dev, libsnappy-dev, libgconf2-dev, libavutil-dev, libavcodec-dev (>= 7:3.0), libavformat-dev, libglib2.0-dev, libasound2-dev, libsqlite3-dev, libjsoncpp-dev, libspeechd-dev (>= 0.8.4), libminizip-dev, libhunspell-dev, libharfbuzz-dev (>= 1.2.7), libusb-1.0-0-dev, libopenjp2-7-dev, libmodpbase64-dev, libgnome-keyring-dev, libnss3-dev (>= 3.12.3), libnspr4-dev (>= 2:4.9), libcups2-dev (>= 1.5.0), libevent-dev (>= 1.4.13), libjs-jquery, libjs-excanvas, libjs-jquery-flot, libgcrypt20-dev, fonts-ipafont-gothic, fonts-ipafont-mincho
Package-List:
 chromedriver deb web optional arch=i386,amd64,arm64,armhf
 chromium deb web optional arch=i386,amd64,arm64,armhf
 chromium-driver deb web optional arch=i386,amd64,arm64,armhf
 chromium-l10n deb localization optional arch=all
 chromium-shell deb web optional arch=i386,amd64,arm64,armhf
 chromium-widevine deb contrib/web optional arch=i386,amd64,arm64,armhf
Checksums-Sha1:
 7a36f291c4b36b7dec2ef8b9e82e20153deae1e8 205802572 chromium-browser_70.0.3538.67.orig.tar.xz
 65ec4022e2c146c48dabbb4358391e7654411317 159220 chromium-browser_70.0.3538.67-1~deb9u1.debian.tar.xz
Checksums-Sha256:
 8b5a3ec76bb4f158e5716d5782df746cf8f4b737126c9ba0b47d1962d586ffa7 205802572 chromium-browser_70.0.3538.67.orig.tar.xz
 adffe64c53573d17477180a53c343a6330138cb8b2e7fe41a7b1d7a1fc459b7d 159220 chromium-browser_70.0.3538.67-1~deb9u1.debian.tar.xz
Files:
 e948e133f96a511a2ec1aaa7a18955e8 205802572 chromium-browser_70.0.3538.67.orig.tar.xz
 934c22f01be1ec501033c158c56259f5 159220 chromium-browser_70.0.3538.67-1~deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQQzBAEBCgAdFiEEluhy7ASCBulP9FUWuNayzQLW9HMFAlvZQNsACgkQuNayzQLW
9HPerx//X3vDWPsCZ22SKFipVznRmc9uKb0ApDEnayfqVi7aJi/rOPjF99eOtOKo
YB2Cp6SIlTIBFljQU/wRsW2wrY0tuUZICZwy4k8+XhrT0vbh2VHega9bgYiJXcji
aOKEaIWs/Hx2ez5ZJpYdiMB9PSYgpmM0VCDVcIfO7vagjjpwN+Pqj3KBK39vRy93
foRBWHkVYm+NVBwp6j1q3aRuOOxYmW9HzwfBblvn1S2s1vPwZkMbFCzed3JY/cl5
E91q7a8oPjVsyl81HCP2Pwga70JB7oXo/vjTferBE9sj2/g3HjxjO+8WoNwHVbZy
rNQnsdKBB5v+I6HJCwkZztAyVOzypV7Qa84G1ve8vxvAEvncPRblWDTRIcefqlAU
CnClMLRla9MzhDNL/HzBmafir67ZeBzIRIiRP6jtTBohSSmkZz4SjqLJN9b6hpsF
hYBaErGL2LSynb/VgHpPXR/FIK7aer5G8JuWUlTq1JK4xxNJ6imOGaSgZCFxg6rq
bi06YWqQeHLNC/Pt0wgYNTxVI8z18lXq3PnT5Bc/vFMvZ+EBd/FsOYp/5x/ELY8E
wufU85UN9H5yRXe/G/pBUiS4P1Ng8OOP0YW4ity18geT9awl0DuqWhgdQd4uBGWs
vKyPOevM7MgGHn4g1HysUYFZifzIpFiuQu4Ta1MikJ9wLAvGPTMxCHk5qfw+d1T4
UB88Y/SOnjks7Tadn8ekM6sULSqSb8yRjmmeme4emW38Ws4DnM5VStjofvXMJEG8
glzJsOyB9zcCNhC/NQ/Rxg6qNkYsIu2F9g7N9QFnCxD63HnUmVC5mLs7RvQ/DCtv
kKx0a13r4ZDwJW4ja0TPyS5rDfelrtBOvP3QXPXGmzOH4iPegCLFPvscxueL7tR/
v2pV+DOAn5/eqLq5BSJlkpigGvQE9Qvn4iFnYV7RTz+X2Myay043+holcC0zIxUa
rtc8y5soxgwr8xI43/tTQbjngvf0Ssjm/hBWyw0tSJFbMoMqd1oGhozWusPm8aLb
ps/C9UZtaMdXBdKW1nxYqC8+C++faYn5tnKHMbLen7HJ8HIBzKhnaAL5oIBOzv4E
ij2pMrLVt25WDGmvhLvRKJmWpvipVXRR50yPI2JaWz5yGMhi6ClUnTQmYjppqUya
Tvud2HmD4lfbWQn2Iqgx90K5MVGJxKyKpVfzMtAz4em0ETLXF5CFnsgIXUMa4AYq
BK1JmxCK2JUQd6TsB8UijOdwAKnw9u6lYvpI9uEUkQu9BqIwlIH3yLQ8hQmXIJIG
/jqQno/0OkBlhLpiuZ1s1d/trPIFHlX/02ivydpinY97TSFcwwarW8SVFwNlFnBl
OtTaPDwwuo2BZ+MRDPz6Uc+WY1yV/A==
=WRxK
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
chromium-browser (70.0.3538.67-1~deb9u1) stretch-security; urgency=medium

  * New upstream stable release.
    - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson
      and Niklas Baumstark
    - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson
      and Niklas Baumstark
    - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn
    - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr
    - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian
    - CVE-2018-17466: Memory corruption in Angle. Reported by Omair
    - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James
      Lee
    - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou
    - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin
    - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by
      Lnyas Zhang
    - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani
    - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin
    - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew
    - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by
      Khalil Zhani
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by
      Yannic Bonenberger
    - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton

 -- Michael Gilbert <mgilbert@debian.org>  Wed, 31 Oct 2018 00:46:08 +0000